- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Tue, 20 Nov 2001 23:26:11 -0500
- To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
The P3P specification working group adopted the following
new text to describe the HINT element in the P3P specification.
The substantive change is in the attributes of the HINT element.
The other changes are simply to make this section more clear.
We expect to issue a new specification document that includes
a new XML schema in the next few weeks. The only difference
between the new and old schema will be the HINT change
and the ability to use the extension mechanism in policy
reference files. Web sites should not adopt these changes
until the new schema is available. We expect that user agents
will be able to process policy reference files using either
the new or the old schema for some time (but note that
IE6 currently does not follow HINTs at all because this was
added to the spec after IE6 was released). The new specification
will also include a number of other editorial corrections and
clarifications, as described at
http://jigedit.w3.org/P3PGroup/lorrie/WWW/P3P/updates.html
Section 2.3.2.6:
Policy reference hints are a performance optimization that can be
used under certain conditions. A site may declare a policy
reference for itself using the well-known location, the P3P
response header, or the HTML link tag. It MAY further provide a
hint to additional policy references, such as those declared by
other sites.
For example, an HTML page might hint at policy references for its
hyperlinks, embedded content, and form submission URIs. User agents
MAY use the hint mechanism to discover policy reference files
before requesting the affected URIs when the policy references are
not available from the well-known location.
User-Agents which use hints to retrive policies MUST NOT apply them
to any site other than the one which contains the hinted policy
reference file.
Any policy reference file MAY contain zero or more policy reference
hints. Each hint is contained in a HINT element with two
attributes, scope and path.
The scope attribute is used to specify a URI scheme and authority
to which the hinted policy reference can be applied. If the
authority component [RFC2396] is a server component (e.g., a
hostname or IP address) the host part of the authority MAY begin
with a wildcard, as defined in Section 2.3.2.1.2. The scope
attribute MUST NOT contain a wildcard in any other position, MUST
be encoded according to the conventions in Section 2.3.2.1.2, and
MUST NOT contain a path, query or fragment URI component.
Additionally, if the authority is a server, it SHOULD NOT contain a
userinfo part.
For example, legal values for scope include:
http://www.example.com
http://www.example.com:81
http://*.example.com
ftp://ftp.example.org
The following are illegal values for the scope attribute:
http://www.*.com ; the wildcard can only be at the start
http://www.example.com/ ; the trailing slash is not allowed
www.example.com ; the scheme must be stated
*://www.example.com ; the scheme cannot contain a wildcard
http://www.example.com:* ; the port cannot contain a wildcard
The path attribute is used to locate the policy reference file on
the hinted site. It is a relative URI whose base is the URI scheme
and authority matched in the scope attribute. The path attribute
MUST NOT be an absolute URI, so that the policy reference file is
always retrieved from the same site that it is applied to.
Example:
<hint scope="http://www.example.org" path="/mypolicy/p3.xml" />
<hint scope="http://www.example.net:81" path="/w3c/prf.xml" />
<hint scope="http://*.shop.example.com" path="/w3c/prf.xml" />
hint = '<HINT scope="' scheme ( '://' | ':/' ) authority '" \
path="' relativeURI '/>'
here, scheme, authority and relativeURI are taken from RFC2396.
Received on Tuesday, 20 November 2001 23:27:32 UTC